deps: upgrade tslib to 2.4.0, remove @yarn-tool/resolve-package

- tslib 2.4.0 is forward and backward-compatible with older and newer Node exports mechanisms, so the Node 17 error should no longer be present - it has the older `./` and the newer `./*` in its package exports, which should allow for `package.json` to be read in both older and newer implementations - this allows us to remove the extra dep on `@yarn-tool/resolve-package` as well - other than less unnecessary deps being good, `@yarn-tool/resolve-package` is also a not well-documented package with very few users, which does not make for a good security posture for rpt2 (which has historically prioritized supply chain security in other issues around deps) or, in particular, its consumers, which there are very many of (in contrast with `@yarn-tool`) - per my issue comment, we could also have avoided the extra dep prior to the tslib upgrade by resolving to absolute paths, as Node only does a "weak" encapsulation of relative imports - test: add a small unit test for tslib.ts to ensure that this method works and passes on different Node versions in CI - more a smoke test that it runs at all, the testing is additional and a bit duplicative of the source tbh
ezolenko · May 14, 2022 · 189aaa5 · 189aaa5
1 parent 56716de
commit 189aaa5
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 15 deletions.
diff --git a/__tests__/tslib.spec.ts b/__tests__/tslib.spec.ts
@@ -0,0 +1,11 @@
+import { test, expect } from "@jest/globals";
+import * as fs from "fs-extra";
+
+import { tslibVersion, tslibSource } from "../src/tslib";
+
+test("tslib", async () => {
+  expect(tslibVersion).toEqual(require("tslib/package.json").version);
+
+  const tslibES6 = await fs.readFile(require.resolve("tslib/tslib.es6.js"), "utf8");
+  expect(tslibSource).toEqual(tslibES6);
+});
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -33,11 +33,10 @@
   },
   "dependencies": {
     "@rollup/pluginutils": "^4.1.2",
-    "@yarn-tool/resolve-package": "^1.0.40",
     "find-cache-dir": "^3.3.2",
     "fs-extra": "^10.0.0",
     "resolve": "^1.20.0",
-    "tslib": "^2.3.1"
+    "tslib": "^2.4.0"
   },
   "peerDependencies": {
     "rollup": ">=1.26.3",

diff --git a/src/tslib.ts b/src/tslib.ts
@@ -5,12 +5,12 @@ export const TSLIB = "tslib";
 export const TSLIB_VIRTUAL = "\0tslib.js";
 export let tslibSource: string;
 export let tslibVersion: string;
+
 try
 {
 	// tslint:disable-next-line:no-string-literal no-var-requires
-	const _ = require("@yarn-tool/resolve-package").resolvePackage('tslib');
-	const tslibPackage = _.pkg;
-	const tslibPath = _.resolveLocation(tslibPackage.module);
+	const tslibPackage = require("tslib/package.json");
+	const tslibPath = require.resolve("tslib/" + tslibPackage.module);
 	tslibSource = readFileSync(tslibPath, "utf8");
 	tslibVersion = tslibPackage.version;
 } catch (e)